mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
CVE-2021-28168
Signed-off-by: Wayne Beaton <wayne.beaton@eclipse-foundation.org>
This commit is contained in:
Wayne Beaton
parent
698d121453
commit
5b3992f0f9
@ -4,15 +4,92 @@
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2021-28168",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "security@eclipse.org",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "The Eclipse Foundation",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Eclipse Jersey",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": ">=",
|
||||
"version_value": "2.28"
|
||||
},
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "2.33"
|
||||
},
|
||||
{
|
||||
"version_affected": ">=",
|
||||
"version_value": "3.0.0"
|
||||
},
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "3.0.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. This is due to the use of the File.createTempFile which creates a file inside of the system temporary directory with the permissions: -rw-r--r--. Thus the contents of this file are viewable by all other users locally on the system. As such, if the contents written is security sensitive, it can be disclosed to other local users."
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"baseScore": 6.2,
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
|
||||
"version": "3.1"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-378: Creation of Temporary File With Insecure Permissions"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-379: Creation of Temporary File in Directory with Insecure Permissions"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://github.com/eclipse-ee4j/jersey/security/advisories/GHSA-c43q-5hpj-4crv",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/eclipse-ee4j/jersey/security/advisories/GHSA-c43q-5hpj-4crv"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/eclipse-ee4j/jersey/pull/4712",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/eclipse-ee4j/jersey/pull/4712"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user